CVE-2025-62779

5.4 MEDIUM

📋 TL;DR

Frappe Learning versions 2.39.1 and earlier contain a stored cross-site scripting (XSS) vulnerability: an authenticated user can inject HTML through input fields in the Job Form, and that HTML is rendered unencoded when other users view the posting. This allows an attacker to execute arbitrary JavaScript in the context of other users' browsers. All users of affected Frappe Learning instances are potentially impacted.

💻 Affected Systems

Products:
  • Frappe Learning (LMS)
Versions: 2.39.1 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with Job Form functionality enabled are vulnerable by default.

📦 What is this software?

Frappe Learning (the `lms` app from the frappe/lms repository) is an open-source learning management system built on the Frappe Framework. Its Job Form lets users submit job postings that are displayed to other users of the same instance, which is why unencoded input there reaches other users' browsers.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could steal session cookies, perform actions as any authenticated user (including administrators) who views the injected posting, redirect victims to malicious sites, or serve phishing or malware-download content from the trusted application domain.

🟠

Likely Case

Attackers inject malicious scripts to steal user credentials or session tokens, potentially leading to account compromise.

🟢

If Mitigated

With output encoding applied to Job Form fields, injected markup is displayed as literal text; the residual risk is limited to minor UI disruption, with no script execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

An authenticated user with access to the Job Form injects the payload; it executes when another user views the affected page, so the victim has to visit the page but needs to take no further action. No unauthenticated path is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.39.2 and later (fix commit 75001b494d5d8198eab20b0cd85d5bd719448ea3)

Vendor Advisory: https://github.com/frappe/lms/security/advisories/GHSA-j6h8-qg65-3fpx

Restart Required: No

Instructions:

1. Update Frappe Learning to version 2.39.2 or later.
2. If you run from source and cannot take the full release, apply commit 75001b494d5d8198eab20b0cd85d5bd719448ea3.
3. Confirm the fix by checking that HTML entered in Job Form fields is displayed as literal, encoded text (see How to Verify below).

🔧 Temporary Workarounds

Disable Job Form Input

Applies to: all deployments

Temporarily disable the Job Form, or restrict the ability to create and edit job postings to a small set of trusted roles. Because exploitation needs an authenticated user who can submit the form, shrinking that group shrinks the attacker pool.

Implement WAF Rules

Applies to: all deployments

Configure the web application firewall to block HTML/JavaScript injection patterns in Job Form submissions. Treat this as defense in depth only: signature matching is routinely bypassed with case changes, URL or entity encoding and tag variants, so it does not replace the patch.

🧯 If You Can't Patch

  • Deploy a strict Content Security Policy (nonce- or hash-based script-src, no 'unsafe-inline') so that injected inline scripts do not execute. Note that CSP does not stop HTML-only injection such as fake login forms or meta-refresh redirects.
  • If you maintain a fork and cannot upgrade, backport the output encoding from commit 75001b494d5d8198eab20b0cd85d5bd719448ea3 to the Job Form fields; there is no configuration switch that enables it.

🔍 How to Verify

Check if Vulnerable:

In a non-production instance, submit a harmless marker such as <b>test</b> (no script is needed) in each Job Form text field, then open the page where the posting is shown to other users. If the marker renders as bold text rather than as the literal characters, the instance is vulnerable. Check the page other users see, not just the form's own echo, since this is stored XSS.

Check Version:

Check the Frappe Learning version in the admin panel, or run 'bench version' from the bench directory if using Frappe Bench; the relevant entry is the 'lms' app.

Verify Fix Applied:

Verify that HTML input in Job Form fields is properly sanitized and displays as encoded text.
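The check above comes down to one question: did the page render the probe as markup, encode it, or strip it? The following is an added example, not code from Frappe or from this advisory, that classifies a fetched page body against a unique probe. It assumes you have already submitted the probe through the Job Form in a test instance and fetched the page where other users see the posting (the endpoint is not named here); the sample page bodies below are constructed.

```python
import html
import secrets


def make_probe(token):
    """Build a harmless HTML probe: a bold tag is enough to tell raw rendering
    from encoding, no script needed. The token makes the probe unique so it
    can be found in the response even if the app rewrote or stripped it."""
    return f'<b id="p{token}">probe-{token}</b>'


def new_token():
    """Fresh random token for each test run (16 hex characters)."""
    return secrets.token_hex(8)


def classify_probe(body, token):
    """Classify how a rendered page treated the probe submitted with `token`.

    vulnerable : the markup appears verbatim, so a browser renders it
    encoded    : only an entity-escaped form appears (&lt;b ...&gt;), safe
    stripped   : the tag was removed but its text survived (sanitised), safe
    absent     : the probe is not on this page (wrong page, or submit failed)
    """
    probe = make_probe(token)
    if probe in body:
        return "vulnerable"
    # html.unescape reverses &lt; &gt; &quot; and numeric (&#x3c;) encodings,
    # so if the probe only reappears after unescaping, the app encoded it.
    if probe in html.unescape(body):
        return "encoded"
    if f"probe-{token}" in body:
        return "stripped"
    return "absent"


# Constructed sample responses (not captured from a real instance) showing the
# three outcomes a tester may see on the page that displays the job posting.
TOKEN = "d41d8cd98f00b204"
VULNERABLE_PAGE = f'<div class="job-description">{make_probe(TOKEN)}</div>'
ENCODED_PAGE = f'<div class="job-description">{html.escape(make_probe(TOKEN))}</div>'
STRIPPED_PAGE = f'<div class="job-description">probe-{TOKEN}</div>'


if __name__ == "__main__":
    for name, page in [("vulnerable", VULNERABLE_PAGE),
                       ("encoded", ENCODED_PAGE),
                       ("stripped", STRIPPED_PAGE)]:
        print(f"{name:>10}: {classify_probe(page, TOKEN)}")
```

If the tag survives with its attributes removed (for example `<b>probe-...</b>`), the result is reported as "stripped"; that points at an allow-list sanitizer rather than output encoding and is worth a manual look, but it is still not the raw rendering that makes the instance vulnerable.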

📡 Detection & Monitoring

Log Indicators:

  • HTML tags, event-handler attributes or URL-encoded angle brackets (%3C, %3E) in Job Form submissions
  • Repeated Job Form submissions containing markup from a single account, especially after a patched instance starts encoding them

Network Indicators:

  • HTTP requests with suspicious script tags or event handlers in form data

SIEM Query:

source="frappe_logs" AND (form_data CONTAINS "<script" OR form_data CONTAINS "%3Cscript" OR form_data CONTAINS "javascript:" OR form_data CONTAINS "onerror=")

Match case-insensitively and decode URL encoding before matching where your SIEM allows it; a query that looks only for the literal string "<script>" misses upper-case, attribute-based (onerror=, onload=) and URL-encoded payloads.
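The query above is a pseudo-query, and a literal substring match misses the encodings attackers use. As an added example (not part of this advisory and not Frappe's own tooling), the script below runs the same detection idea over constructed JSON-lines request records: it URL-decodes each form field up to twice (to catch double encoding), unescapes HTML entities, then matches case-insensitive indicators. The log format, field names and user/path values are assumptions for the demonstration; Frappe's own request log format is not specified on this page.

```python
import html
import json
import re
from urllib.parse import unquote_plus

# Indicators of HTML/JavaScript injection in a form field. They are matched
# after decoding, so case changes and URL encoding do not hide them.
XSS_INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "active_element": re.compile(r"<\s*(iframe|svg|img|object|embed)\b", re.I),
}


def normalise(value, rounds=2):
    """Undo URL encoding up to `rounds` times (catches %253C double encoding),
    then HTML entities, so "%3Cscript%3E", "&lt;script&gt;" and "<SCRIPT>"
    all become something the patterns above can see."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return html.unescape(value)


def scan_form_data(form_data):
    """Return the indicator names found in one raw form_data string, in the
    fixed order of XSS_INDICATORS. Fields are split before decoding so an
    encoded '&' inside a value cannot be mistaken for a separator."""
    seen = set()
    for pair in form_data.split("&"):
        _field, _, raw = pair.partition("=")
        text = normalise(raw)
        seen.update(name for name, rx in XSS_INDICATORS.items() if rx.search(text))
    return [name for name in XSS_INDICATORS if name in seen]


def scan_log(lines):
    """Scan JSON-lines request records; return one hit per flagged line."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a request record; skip rather than crash
        found = scan_form_data(rec.get("form_data", ""))
        if found:
            hits.append({"line": lineno, "user": rec.get("user"),
                         "path": rec.get("path"), "indicators": found})
    return hits


# Constructed sample log lines (format assumed). Line 1 is benign; lines 2-5
# are injection attempts in plain, upper-case, double-encoded and
# javascript:-URI forms; line 6 is non-JSON noise that must not break the scan.
SAMPLE_LOG = [
    '{"ts":"2025-10-20T09:00:01Z","user":"alice@example.com","path":"/jobs/new","form_data":"title=Backend+Engineer&description=Remote+role"}',
    '{"ts":"2025-10-20T09:01:14Z","user":"mallory@example.com","path":"/jobs/new","form_data":"title=%3Cscript%3Ealert(1)%3C%2Fscript%3E&description=x"}',
    '{"ts":"2025-10-20T09:01:40Z","user":"mallory@example.com","path":"/jobs/new","form_data":"description=%3CIMG+SRC%3Dx+ONERROR%3Dalert(document.cookie)%3E"}',
    '{"ts":"2025-10-20T09:02:05Z","user":"mallory@example.com","path":"/jobs/new","form_data":"description=%253Cscript+src%253D%2522https%253A%252F%252Fcdn.example%252Fx.js%2522%253E%253C%252Fscript%253E"}',
    '{"ts":"2025-10-20T09:02:30Z","user":"mallory@example.com","path":"/jobs/new","form_data":"company=%3Ca+href%3D%22javascript%3Aalert(1)%22%3Eapply%3C%2Fa%3E"}',
    'worker restarted',
]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['user']} {hit['path']} -> {', '.join(hit['indicators'])}")
```

Of the four attempts in the sample, only line 2 would be caught by a literal "<script>" match; lines 3 and 4 rely on case and double encoding, and line 5 uses no tag the naive query looks for. Before alerting on "event_handler", check it against legitimate field names that begin with "on" (an "onboarding_date" field would match) and allow-list them.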

🔗 References

  • Vendor advisory: https://github.com/frappe/lms/security/advisories/GHSA-j6h8-qg65-3fpx